Skip to content
AI Development Knowledge Base

Untitled

A blueprint and iterative roadmap for a production-grade toolkit that helps AI assurance practitioners plan, evidence, and deliver assurance engagements over the AI systems of APRA-regulated entities.

What this is

This module is documentation only. It does not contain application code. It specifies what to build, why, and in what order so that an implementation team can construct the toolkit on top of best-available open-source components.

It is the third-line / assurance counterpart to the sibling ../ai-governance-tooling/ package, which targets first- and second-line Responsible AI assessment. Where that package helps teams build AI responsibly, this package helps practitioners form an independent, defensible assurance conclusion about AI systems — against APRA’s prudential expectations and the professional assurance standards (ASAE/ISAE 3000 and the ASAE 3000-series).

Who it serves

Two personas, served from one shared core:

  • External / independent assurance — firms performing reasonable or limited assurance, or agreed-upon-procedures engagements (ASAE 3000, ASAE 3150, ASAE 3402) over an APRA-regulated client’s AI systems.
  • Internal audit (third line) — in-house functions providing independent assurance over their own organisation’s AI, directly addressing the internal-audit capability gap APRA named in its 30 April 2026 letter.

Why it exists

APRA’s 30 April 2026 letter to industry operationalised three existing prudential standards (CPS 220, CPS 230, CPS 234) with explicit AI expectations, and made two structural points: point-in-time assurance is insufficient, and internal audit must be able to independently assess probabilistic and agentic systems. The repository already holds the research needed to respond — APRA obligations, professional assurance standards, and 21 open-source tool-category analyses — but no single artifact turns that research into a buildable toolkit. This module is that artifact.

Start here

Read START-HERE.md for the navigation hub and role-based reading paths.

Status

Blueprint v0.6 — draft for review. Revision history (rigour review, research-intersection review, document-evidence workflow, case-integrity and evidence-staleness decisions) is in CHANGELOG.md.